05-12-2016 10:11 AM
Hello,
openVuln API does not return all results. For example, the advisory "cisco-sa-20080326-pptp" is not present in both /advisories/oval/all and /advisories/cvrf/all results. Could you please help?
Solved! Go to Solution.
06-03-2016 02:52 PM
Hi,
OVAL definitions are supported for high and critical Cisco IOS advisories that starting from 2010.
Regards,
Omar Santos
PSIRT
06-03-2016 01:41 PM
I looked into this a bit and experienced similar results. Playing around with other API calls, I noticed there are no advisories listed with severity "High" after 2010. Hopefully someone from PSIRT team can shed more light on this.
06-03-2016 02:52 PM
Hi,
OVAL definitions are supported for high and critical Cisco IOS advisories that starting from 2010.
Regards,
Omar Santos
PSIRT
09-24-2016 02:13 AM
Hi Omar
forgive my ignorance but should - cisco-sa-20160916-ikev1 be found within the oval API. considering it's both created after 2010 and a high cisco vulnerability. Oval looks great, would be keen to use!!
09-24-2016 02:38 PM
HI Aidan,
We just published the OVAL definition for that vulnerability today. It is posted at the OVAL Repository
and should also be available via the API.
Thank you!
OMar
09-25-2016 12:30 PM
Hey Omar. Thanks for the reply.
Will vulnerabilities be posted on the oval repository immediately after they’re found in the future? Or is it better to go with the CVSR api, as that appears to be showing all vulnerabilities at the time of posting.
Thanks for your help.
Aidan
<http://www.vodafone.co.nz/>
Aidan Houlihan
Discover Graduate
Graduate Programme
Vodafone New Zealand Ltd.
Mobile: +64 27 391 2468
Email: aidan.houlihan@vodafone.com
Lambton House, 160 Lambton Quay, Wellington, New Zealand
vodafone.co.nz <http://www.vodafone.co.nz>
This message and any files or documents attached are confidential and may also be legally privileged, protected from disclosure and/or protected by other legal rules. It is intended only for the individual or entity named. If you are not the named addressee or you have received this email in error, please inform the sender immediately, delete it from your system and do not copy or disclose it or its contents or use it for any purpose. Thank you. Please also note that transmission cannot be guaranteed to be secure or error-free.
09-26-2016 05:22 AM
Hi Aidan,
There are a few differences on the benefits between an OVAL definition and CVRF files:
06-03-2016 05:45 PM
Hi Omar,
Thank you for your explanation.
Kind regards,
Andrei
08-11-2016 08:17 AM
Hi Omar,
I just checked, there's 1882 CVRF and 81 OVAL vulnerabilities available through openVuln API, totaling 1963 vulnerabilities which is even more than it can be found on the official web page Security Advisories and Alerts - 1948 vulnerabilities. Great progress! Thank you very much!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide